I have an OpenBSD router at home that uses a few PF lines like the following:
match in all scrub (no-df random-id reassemble tcp) (...) pass out quick inet modulate state I've read the pf.conf man page and have a mild understanding of the "random-id" and "modulate state" bits, but still don't fully understand when and why they should be used or not used. The router is in front of a mix of devices and different OSes. Should I be using these 2 features for security purposes? I'm trying to diagnose some slowness and inconsistency in my home internet and didn't know if these might be slowing things down. The hardware is just an APU2, so nothing very powerful. Less than 1gbit connection.
